arillso.system.access role – Access management with multi-entry-point support
Note
This role is part of the arillso.system collection (version 1.0.5).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it use: ansible-galaxy collection install arillso.system.
To use it in a playbook, specify: arillso.system.access.
Entry point groups – Group management entry point
Synopsis
Entry point for managing groups
Handles group creation and removal
Parameters
Parameter |
Comments |
|---|---|
List of groups to manage Default: |
|
Group ID |
|
Group name |
|
Group state Choices:
|
|
System group Choices:
|
Entry point main – Access management with multi-entry-point support
Synopsis
Manages system access including users, groups, sudo and SSH
Supports granular control via entry points
Security-focused with validation and backup options
Parameters
Parameter |
Comments |
|---|---|
Backup configuration files before changes Choices:
|
|
Enable debug output for troubleshooting Choices:
|
|
List of groups to manage Default: |
|
Group ID |
|
Group name |
|
Group state Choices:
|
|
System group Choices:
|
|
Enable group management entry point Choices:
|
|
Number of retry attempts for tasks Default: |
|
Delay in seconds between retry attempts Default: |
|
Additional services to restart after access changes Default: |
|
Enable SSH agent forwarding Choices:
|
|
List of groups allowed to connect via SSH Default: |
|
List of users allowed to connect via SSH Default: |
|
Enable challenge-response authentication Choices:
|
|
Maximum client alive messages without response Default: |
|
Interval in seconds for client alive messages Default: |
|
Enable SSH compression Choices:
|
|
Extra SSH configuration options as key-value pairs Default: |
|
List of groups denied SSH access Default: |
|
List of users denied SSH access Default: |
|
Allow remote hosts to connect to forwarded ports Choices:
|
|
Enable GSSAPI authentication Choices:
|
|
Enable Kerberos authentication Choices:
|
|
List of SSH keys to manage Default: |
|
Remove all other keys Choices:
|
|
SSH public key |
|
SSH key options |
|
Key state Choices:
|
|
Username |
|
Enable SSH key management entry point Choices:
|
|
List of addresses for SSH to listen on Default: |
|
SSH daemon log level Default: |
|
Time in seconds to authenticate before disconnecting Default: |
|
Maximum authentication attempts per connection Default: |
|
Maximum number of open sessions per connection Default: |
|
Maximum concurrent unauthenticated connections Default: |
|
Enable password authentication Choices:
|
|
Permit empty passwords Choices:
|
|
Permit root login Choices:
|
|
Allow tunnel device forwarding Choices:
|
|
Allow users to set environment variables Choices:
|
|
SSH port Default: |
|
Enable public key authentication Choices:
|
|
Restart SSH service when configuration changes Choices:
|
|
Enable SSH server configuration entry point Choices:
|
|
Enable SSH service Choices:
|
|
SSH service state Choices:
|
|
Path to SFTP server binary Default: |
|
Syslog facility for SSH daemon Default: |
|
Enable TCP forwarding Choices:
|
|
Enable TCP keepalive messages Choices:
|
|
Enable X11 forwarding Choices:
|
|
List of sudoers entries Default: |
|
Commands allowed Default: |
|
Group to grant sudo access |
|
Hosts where rule applies Default: |
|
Entry name (for filename) |
|
Allow without password Choices:
|
|
Users to run commands as Default: |
|
Allow setting environment Choices:
|
|
Sudoers entry state Choices:
|
|
User to grant sudo access |
|
Enable sudoers management entry point Choices:
|
|
Group of sudoers files Default: |
|
File mode for sudoers files Default: |
|
Owner of sudoers files Default: |
|
Validate sudoers syntax with visudo Choices:
|
|
Create home directory by default for new users Choices:
|
|
Default shell for new users Default: |
|
Default password update policy for users Default: |
|
List of users to manage Default: |
|
User comment (GECOS) |
|
Create home directory Choices:
|
|
Primary group |
|
List of supplementary groups |
|
Home directory |
|
Username |
|
Encrypted password hash |
|
Remove home directory when state=absent Choices:
|
|
User shell Default: |
|
SSH keys for this user |
|
Remove all other keys Choices:
|
|
SSH public key |
|
SSH key options |
|
Key state Choices:
|
|
Username (optional, defaults to parent user’s name) |
|
User state Choices:
|
|
System user Choices:
|
|
User ID |
|
When to update password Choices:
|
|
Enable user management entry point Choices:
|
|
Validate SSH config before applying Choices:
|
|
Validate sudoers files before applying Choices:
|
Entry point ssh – SSH server configuration entry point
Synopsis
Entry point for SSH server configuration
Handles sshd_config and service management
Parameters
Parameter |
Comments |
|---|---|
Enable SSH agent forwarding Choices:
|
|
List of groups allowed to connect via SSH Default: |
|
List of users allowed to connect via SSH Default: |
|
Enable challenge-response authentication Choices:
|
|
Maximum client alive messages without response Default: |
|
Interval in seconds for client alive messages Default: |
|
Enable SSH compression Choices:
|
|
Extra SSH configuration options as key-value pairs Default: |
|
List of groups denied SSH access Default: |
|
List of users denied SSH access Default: |
|
Allow remote hosts to connect to forwarded ports Choices:
|
|
Enable GSSAPI authentication Choices:
|
|
Enable Kerberos authentication Choices:
|
|
List of addresses for SSH to listen on Default: |
|
SSH daemon log level Default: |
|
Time in seconds to authenticate before disconnecting Default: |
|
Maximum authentication attempts per connection Default: |
|
Maximum number of open sessions per connection Default: |
|
Maximum concurrent unauthenticated connections Default: |
|
Enable password authentication Choices:
|
|
Permit empty passwords Choices:
|
|
Permit root login Choices:
|
|
Allow tunnel device forwarding Choices:
|
|
Allow users to set environment variables Choices:
|
|
SSH port Default: |
|
Enable public key authentication Choices:
|
|
Restart SSH service when configuration changes Choices:
|
|
Enable SSH service Choices:
|
|
SSH service state Choices:
|
|
Path to SFTP server binary Default: |
|
Syslog facility for SSH daemon Default: |
|
Enable TCP forwarding Choices:
|
|
Enable TCP keepalive messages Choices:
|
|
Enable X11 forwarding Choices:
|
|
Validate SSH config before applying Choices:
|
Entry point ssh_keys – SSH key management entry point
Synopsis
Entry point for managing SSH authorized keys
Handles SSH key deployment for users
Parameters
Parameter |
Comments |
|---|---|
List of SSH keys to manage Default: |
|
Remove all other keys Choices:
|
|
SSH public key |
|
SSH key options |
|
Key state Choices:
|
|
Username |
Entry point sudoers – Sudoers management entry point
Synopsis
Entry point for managing sudoers configuration
Handles sudo access control
Parameters
Parameter |
Comments |
|---|---|
List of sudoers entries Default: |
|
Commands allowed Default: |
|
Group to grant sudo access |
|
Hosts where rule applies Default: |
|
Entry name (for filename) |
|
Allow without password Choices:
|
|
Users to run commands as Default: |
|
Allow setting environment Choices:
|
|
Sudoers entry state Choices:
|
|
User to grant sudo access |
|
Group of sudoers files Default: |
|
File mode for sudoers files Default: |
|
Owner of sudoers files Default: |
|
Validate sudoers syntax with visudo Choices:
|
|
Validate sudoers files before applying Choices:
|
Entry point users – User management entry point
Synopsis
Entry point for managing user accounts
Handles user creation, modification and removal
Parameters
Parameter |
Comments |
|---|---|
Create home directory by default for new users Choices:
|
|
Default shell for new users Default: |
|
Default password update policy for users Default: |
|
List of users to manage Default: |
|
User comment (GECOS) |
|
Create home directory Choices:
|
|
Primary group |
|
List of supplementary groups |
|
Home directory |
|
Username |
|
Encrypted password hash |
|
Remove home directory when state=absent Choices:
|
|
User shell Default: |
|
SSH keys for this user |
|
Remove all other keys Choices:
|
|
SSH public key |
|
SSH key options |
|
Key state Choices:
|
|
Username (optional, defaults to parent user’s name) |
|
User state Choices:
|
|
System user Choices:
|
|
User ID |
|
When to update password Choices:
|